CAP_SYS_ADMIN is already overloaded left and right,so to have more finegrained access control useCAP_SYS_RESOUCE here.

The CAP_SYS_RESOUCE is chosen because this prctloption allows a current process to adjust somefields of memory map descriptor which ratherrepresent what the process owns: pointers tocode, data, stack segments, command line,auxilary vector data and etc.